From 865e086bd45c0fe097769d913ced37c4b35243d8 Mon Sep 17 00:00:00 2001 From: Akhil Narang Date: Wed, 18 Jun 2025 12:33:36 +0530 Subject: [PATCH] build: bump dependencies (#32975) * build(deps): bump babel Signed-off-by: Akhil Narang * build(deps): bump filelock Signed-off-by: Akhil Narang * build(deps): bump GitPython Signed-off-by: Akhil Narang * build(deps): bump Jinja2 Signed-off-by: Akhil Narang * build(deps): bump Pillow Signed-off-by: Akhil Narang * build(deps): bump PyJWT Signed-off-by: Akhil Narang * build(deps): bump pypdf Signed-off-by: Akhil Narang * build(deps): bump pydyf Signed-off-by: Akhil Narang * build(deps): bump werkzeug Signed-off-by: Akhil Narang * build(deps): bump bs4 Signed-off-by: Akhil Narang * build(deps): bump bleach Signed-off-by: Akhil Narang * build(deps): bump chardet Signed-off-by: Akhil Narang * build(deps): bump croniter Signed-off-by: Akhil Narang * build(deps): bump cryptography Signed-off-by: Akhil Narang * build(deps): bump pyopenssl Signed-off-by: Akhil Narang * build(deps): bump cssutils Signed-off-by: Akhil Narang * build(deps): bump markdown2 Signed-off-by: Akhil Narang * build(deps): bump markupsafe Signed-off-by: Akhil Narang * build(deps): bump num2words Signed-off-by: Akhil Narang * build(deps): bump openpyxl Signed-off-by: Akhil Narang * build(deps): bump phonenumbers Signed-off-by: Akhil Narang * build(deps): bump psutil Signed-off-by: Akhil Narang * build(deps): bump pydantic Signed-off-by: Akhil Narang * build(deps): bump pyotp Signed-off-by: Akhil Narang * build(deps): bump dateutil Signed-off-by: Akhil Narang * build(deps): bump ipython Signed-off-by: Akhil Narang * build(deps): bump pytz Signed-off-by: Akhil Narang * build(deps): bump hiredis Signed-off-by: Akhil Narang * build(deps): bump requests-oauthlib Signed-off-by: Akhil Narang * build(deps): bump requests Signed-off-by: Akhil Narang * build(deps): bump rsa Signed-off-by: Akhil Narang * build(deps): bump sql_metadata Signed-off-by: Akhil Narang * build(deps): bump tenacity Signed-off-by: Akhil Narang * build(deps): bump traceback-with-variables Signed-off-by: Akhil Narang * build(deps): bump tomli Signed-off-by: Akhil Narang * build(deps): bump uuid-utils Signed-off-by: Akhil Narang * build(deps): bump xlrd Signed-off-by: Akhil Narang * build(deps): bump zxcvbn Signed-off-by: Akhil Narang * build(deps): bump markdownify Signed-off-by: Akhil Narang * build(deps): bump google libraries Signed-off-by: Akhil Narang * build(deps): bump posthog Signed-off-by: Akhil Narang * build(deps): bump vobject Signed-off-by: Akhil Narang * fix(zxcvbn): set max password length as 128 We allow checking till 128 characters, v4.5.0 has a default max of 72 Signed-off-by: Akhil Narang --------- Signed-off-by: Akhil Narang --- frappe/utils/password_strength.py | 2 +- pyproject.toml | 88 +++++++++++++++---------------- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/frappe/utils/password_strength.py b/frappe/utils/password_strength.py index c880d412a6..32c6d567de 100644 --- a/frappe/utils/password_strength.py +++ b/frappe/utils/password_strength.py @@ -25,7 +25,7 @@ def test_password_strength(password: str, user_inputs: "Iterable[object] | None" # will still be checked. password = password[:128] - result = zxcvbn(password, user_inputs) + result = zxcvbn(password, user_inputs, max_length=128) result["feedback"] = get_feedback(result.get("score"), result.get("sequence")) return result diff --git a/pyproject.toml b/pyproject.toml index 9912ed905d..10fa3ff521 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,85 +9,85 @@ readme = "README.md" dynamic = ["version"] dependencies = [ # core dependencies - "Babel~=2.13.1", + "Babel~=2.16.0", "Click~=8.2.0", - "filelock~=3.13.1", + "filelock~=3.18.0", "filetype~=1.2.0", - "GitPython~=3.1.34", - "Jinja2~=3.1.2", - "Pillow~=11.0.0", - "PyJWT~=2.8.0", + "GitPython~=3.1.44", + "Jinja2~=3.1.6", + "Pillow~=11.2.1", + "PyJWT~=2.10.1", # We depend on internal attributes, # do NOT add loose requirements on PyMySQL versions. "PyMySQL==1.1.1", - "pypdf~=3.17.0", + "pypdf~=5.6.0", "PyPika @ git+https://github.com/frappe/pypika@093984977ce157d35e048c51d9ff55a1f0f44570", "mysqlclient==2.2.7", "PyQRCode~=1.2.1", "PyYAML~=6.0.2", "RestrictedPython~=8.0", "WeasyPrint==59.0", - "pydyf==0.10.0", - "Werkzeug==3.0.6", + "pydyf==0.11.0", + "Werkzeug==3.1.3", "Whoosh~=2.7.4", - "beautifulsoup4~=4.12.2", + "beautifulsoup4~=4.13.4", "bleach-allowlist~=1.0.3", - "bleach[css]~=6.0.0", - "chardet~=5.1.0", - "croniter~=2.0.1", - "cryptography~=44.0.1", - "cssutils~=2.9.0", + "bleach[css]~=6.2.0", + "chardet~=5.2.0", + "croniter~=6.0.0", + "cryptography~=45.0.4", + "cssutils~=2.11.1", "email-reply-parser~=0.5.12", "gunicorn @ git+https://github.com/frappe/gunicorn@bb554053bb87218120d76ab6676af7015680e8b6", "html5lib~=1.1", - "ipython~=8.15.0", + "ipython~=8.37.0", "ldap3~=2.9", - "markdown2~=2.4.8", - "MarkupSafe>=2.1.0,<3", - "num2words~=0.5.12", + "markdown2~=2.5.3", + "MarkupSafe~=3.0.2", + "num2words~=0.5.14", "oauthlib~=3.2.2", - "openpyxl~=3.1.2", + "openpyxl~=3.1.5", "passlib~=1.7.4", "pdfkit~=1.0.0", - "phonenumbers==8.13.55", + "phonenumbers~=9.0.7", "premailer~=3.10.0", - "psutil~=5.9.5", + "psutil~=7.0.0", "psycopg2-binary~=2.9.1", - "pyOpenSSL~=25.0.0", - "pydantic~=2.10.2", - "pyotp~=2.8.0", - "python-dateutil~=2.8.2", - "pytz==2023.3", + "pyOpenSSL~=25.1.0", + "pydantic~=2.11.7", + "pyotp~=2.9.0", + "python-dateutil~=2.9.0", + "pytz==2025.2", "rauth~=0.7.3", "redis~=6.2.0", - "hiredis~=3.0.0", - "requests-oauthlib~=1.3.1", - "requests~=2.32.0", + "hiredis~=3.2.1", + "requests-oauthlib~=2.0.0", + "requests~=2.32.4", # We depend on internal attributes of RQ. # Do NOT add loose requirements on RQ versions. # Audit the code changes w.r.t. background_jobs.py before updating. "rq==2.4.0", - "rsa>=4.1", + "rsa~=4.9", "semantic-version~=2.10.0", "sentry-sdk~=1.45.1", "sqlparse~=0.5.0", - "sql_metadata~=2.11.0", - "tenacity~=8.2.2", + "sql_metadata~=2.17.0", + "tenacity~=9.1.2", "terminaltables~=3.1.10", - "traceback-with-variables~=2.0.4", + "traceback-with-variables~=2.2.0", "typing_extensions>=4.6.1,<5", - "tomli~=2.0.1", - "uuid-utils~=0.10.0", - "xlrd~=2.0.1", - "zxcvbn~=4.4.28", - "markdownify~=0.14.1", + "tomli~=2.2.1", + "uuid-utils~=0.11.0", + "xlrd~=2.0.2", + "zxcvbn~=4.5.0", + "markdownify~=1.1.0", # integration dependencies - "google-api-python-client~=2.2.0", - "google-auth-oauthlib~=0.4.4", - "google-auth~=1.29.0", - "posthog~=3.21.0", - "vobject~=0.9.7", + "google-api-python-client~=2.172.0", + "google-auth-oauthlib~=1.2.2", + "google-auth~=2.40.3", + "posthog~=5.0.0", + "vobject~=0.9.9", "pycountry~=24.6.1", ]